When they started the attack the hackers managed to play the video on 2000 devices using ports 8008/8443
A hacker has identify 123,000 vulnerable devices online and has forced 65,183 devices using Chromecast and Google Home, including smart TVs, to play a video promoting a YouTube celebrity’s channel.
TheHackerGiraffe has claimed responsibility for the hack, even going so far to create a blog where people can view in real-time the number of devices exposed.
Using Shodan, a search engine that helps you find devices connected to the internet such as security cameras, computers and unsecured Internet of Things connections, the hackers discovered over 120,000 Chromecast devices with low-security.
The hack is possible due to the fact that Chromecast is using Universal Plug and Play (UPnP) which makes your router push a public internet port onto the Chromecast devices. This is done in order to make the devices easier to interchangeably work with remote devices such as printers and gaming consoles.
Teaming up with another hacker named j3ws3r, TheHackerGiraffe used a Chromecast attack code to access the Google Home Local API to connect to the device which they then renamed ‘Hacked_SUB2Pewds’ allowing them to play their selected YouTube video on the device.
When they started the attack the hackers managed to play the video on 2000 devices using ports 8008/8443, however they soon noticed that this route was cut off as devices and endpoints stopped responding, suggesting Google was responding to the incident. The hackers simply switched to a different port used by Chromecast which allowed the hack to continue.
The video that was forced to play on devices was one in support of the YouTube gamer PieDewPie who is currently trying to maintain the position of most subscribed channel on YouTube as he faces completion from an Indian music channel.
This is the second hack by TheHackerGiraffe who had previously hacked 50,000 printers that were discovered to be vulnerable, again using Shodan. Once he had access to the printers he force them to print out another promotional message supporting PieDewPies channel.
Why are local printers being hacked for this pic.twitter.com/fAnNTIp6ds
— madison. (@maddybenavente1) November 29, 2018
The easiest way to avoid been affected by this type of vulnerability is to restrict your device’s ability to play external videos by turning of the Universal Plug and Play option, but this would then mean printers and IoT devices may no longer work via Google Home or Chromecast…